CN105024824B - The generation and verification method and system of credible label based on rivest, shamir, adelman - Google Patents

Abstract

The generation and verification method and system of the invention proposes a kind of credible label based on rivest, shamir, adelman, by the way that credible label raw information, tag identifier, commodity sign, the public key information of rivest, shamir, adelman, digital certificate information, digital signature information and trusted timestamp or trusted identity timestamp information are generated credible label；When needing to use or verify the credible label, ensure that credible label generates the validity and integrality of time and content by verifying trusted timestamp in credible label or trusted identity timestamp information, by verifying the validity of the digital certificate in credible label or the legitimacy of public-key cryptography, to authenticate the identity of credible label owner, and by verifying the digital signature in credible label, so that it is determined that the integrality of the credible label substance, realizes the antiforge function to commodity by the uniqueness of verifying tag identifier and the uniqueness of commodity sign.

Description

The generation and verification method and system of credible label based on rivest, shamir, adelman

Technical field

The present invention relates to cryptography, computer network security and product false proof fields, and specifically, The present invention gives one The generation and verification method and system of credible label of the kind based on rivest, shamir, adelman.

Background technique

Rivest, shamir, adelman is a kind of time slot scrambling of key.Rivest, shamir, adelman needs two keys: disclosing close Key (public key) and private cipher key (private key).Public-key cryptography and private cipher key are a pair, if using public-key cryptography Data are encrypted, could only be decrypted with corresponding private cipher key；If encrypted with private cipher key pair data, It could only be decrypted with corresponding public-key cryptography.Because encryption and decryption use two different keys, this calculation Method is called rivest, shamir, adelman.

The cryptographic system (Identity-Based Cryptograph, abbreviation IBC) of identity-based mark is a kind of non-right The public key cryptography system of title.The concept of id password proposed that main viewpoint was not required in system in 1984 by Shamir Certificate is wanted, uses mark such as name, IP address, E-mail address, phone number of user etc. as public key.The private key of user It is calculated by key generation centre (Key Generate Center, abbreviation KGC) according to system master key and user identifier. The public key of user is uniquely determined by user identifier, so that user does not need third party to guarantee the authenticity of public key.

Conbined public or double key CPK (Combined Public Key) is a kind of to become existing public key system based on mark Many algorithms are dexterously combined, realize based on mark by establishing the framework of science by the universal method of public key system Key generate, can support digital signature based on mark and key exchange.The well-known information security in China and cryptographist south The great professor in Hunan proposed the conception of CPK combined public-key scheme in 1999, and the externally formal announcement in 2003.

PKI (Public Key Infrastructure) is a kind of public key concept and technology i.e. " Public Key Infrastructure " Implement and the security infrastructure with universality of security service is provided, is that a kind of key management for following written standards is flat Platform, it can provide the cryptographic services such as encrypted and digitally signed and necessary key and certificate management body for all-network application System, in simple terms, PKI are exactly the infrastructure for the offer security service established using public key theory and technology.PKI technology is letter Cease the core of safe practice and the key and basic technology of e-commerce.

PKI technology uses certificate management public key, passes through third-party trusted authorities-CA (Certificate Authority) authentication center bundles the public key of user and the other identifier information of user, and verifying is used on the internet The identity at family.Currently, general method is using the digital certificate established on the basis PKI, by the number to be transmitted Information is encrypted and is signed, and guarantees confidentiality, authenticity, integrality and the non-repudiation of information transmission, to guarantee to believe The safe transmission of breath.PKI is to provide the infrastructure of security service for Internet communication based on public key algorithm and technology, be create, Issue, manage, nullifying the aggregate of all softwares, hardware involved by public key certificate.Its core element is digital certificate, core Heart executor is ca authentication mechanism.

Complete PKI system must have authoritative digital certificate authentication center (CA), digital certificate library, cipher key backup and Recovery system, certificate cancel the basic composition parts such as system, application interface (API), and building PKI also will be around this five big systems To set about constructing.The basic technology of PKI includes encryption, digital signature, data integrity mechanism, digital envelope, dual number label Name etc..One typical case, complete, effective PKI application system should at least have following part:

Public key certificate management.

The publication and management of blacklist.

The backup and recovery of key.

Automatically update key.

Automatic management history key.

Support cross-certification.

Digital signature, also referred to as public key digital signature, refer to one group of specific symbol being attached in a certain electronic document or Code, it is to carry out key message extraction to the electronic document using mathematical method and cryptographic algorithm and encrypted and formed , for the approval to electronic document of identity and label originator of identification issuer, and can the person of being received be used to verify the electronics Whether document is tampered or forges in transmission process.Detailed process is as follows for digital signing operations: sender is to the electricity being signed Subfile (claiming electronic message in Electronic Signature Law) does digital digest with hash algorithm, then makes to digital digest of signature private key Asymmetric encryption, that is, do digital signature, is to add the public key of above signature and electronic document original text and signing certificate later Signature result is formed together and is sent to debit, is verified to debit.After recipient receives data, the public key solution of sender is used first Close digital signature exports digital digest, and does same hash algorithm to electronic document original text, obtains a new number and plucks It wants, the cryptographic Hash that two are made a summary carries out result comparison, and as a result if identical, signature is verified, and otherwise signature is invalid.

Digital certificate is called " digital ID card ", " digital ID ", is by authentication center's granting and authenticated center CA number Signature, a kind of electronic document comprising public-key cryptography owner and public-key cryptography relevant information can be used to prove number The true identity of certificate holder.Simplest certificate includes the number of a public-key cryptography, title and certificate authority Signature.It under normal circumstances further include the effective time of key, the title of licence issuing authority (certificate authority), the certificate in certificate Information, the format of certificate such as sequence number follow ITUT X.509 international standard.

HASH is hashed, also referred to as Hash, i.e., the input of random length (is called and does preliminary mapping, pre-image), passed through HASH algorithm is transformed into the output of regular length, which is exactly HASH value (also known as digital digest).This conversion is a kind of pressure The space of contracting mapping, i.e. hash HASH value is generally much less than the space inputted, and different inputs may generate identical output, But input value can not be uniquely determined from hashed value.

Trusted timestamp is to stab standard " RFC3161 " according to international time by authoritative trusted timestamp service centre to sign and issue One can prove that electronic message (electronic document) a time point be it is already existing, complete, can verify that have law The electronic certificate of effect, trusted timestamp are mainly used for the anti-tamper and subsequent denial of electronic document, determine what electronic document generated Correct time.Trusted timestamp (time-stamp) is the voucher document of formation after one encrypted, it includes three parts:

(1) digital digest (digest) for the file that need to be added timestamp；

(2) trusted timestamp server receives the date and time of file；

(3) digital signature (being generated according to (1) and (2) content) of trusted timestamp server.

It X.500 is defined by international standard committee ISO (Internetional Standards Organization) Directory standard, include from X.501 to a series of catalogue data services such as X.509.It is logical for X.500 client computer and server The agreement of letter is DAP (Directory Access Protocol).X.500 there is important role to PKI, it defines PKI The scheme of data storage and access in system has been come at the LIST SERVER access entrance of PKI system using standardized method It is accessed at the storage of the data structures such as certificate and certificate revocation list.

LDAP (Lightweight Directory Access Protocol) is generated in X.500 standard base One simple version is a subset of X.500 directory access protocol DAP in standard, simplifies and completely X.500 realize function Can, and extend the support to ICP/IP protocol system.

Two dimensional code, also known as two-dimensional bar code are with certain specific geometric figure according to certain rules at plane (two-dimensional directional) The chequered with black and white graphic recording data symbol information of distribution, it is dexterously patrolled using composition computer-internal in code compilation " 0 " on basis, the concept of " 1 " bit stream are collected, indicates text numerical value using several geometrical bodies corresponding with binary system Information, by image input device or photoelectric scanning device automatically identifying and reading to realize automatic processing of information.It has barcode technology Some general character: every kind of code system has its specific character set；Each character occupies certain width；With certain verifying function Deng.Also have the characteristics that simultaneously rotationally-varying to the information automatic identification function and processing figure do not gone together.Common code system Have: Data Matrix, MaxiCode, Aztec, QR Code, Vericode, PDF417, Ultracode, Code 49, Code 16K etc..

Error Correction of Coding: as needed by code word data sequence piecemeal, and according to the code word of error-correction level and piecemeal, error correction is generated Code word, and error correction code word is added to behind code word data sequence, become a new sequence.

In the case where two dimensional code specification and error-correction level determine, it can be accommodated in fact code word sum and error correction code word It is several also to determine that, such as: version 10 when error-correction level is H, can accommodate 346 code words in total, wherein 224 error correction code words. That is about 1/3 code word is redundancy in two-dimension code area.For this 224 error correction code words, it can correct 112 and replace Generation mistake (such as black and white is reverse) either refuses read error (can not read or can not decode), such error correction capability are as follows: 112/ for 224 346=32.4%

RFID (Radio Frequency Identification), i.e. radio frequency identification, also known as electronic tag are a kind of non- The automatic identification technology of contact.It identifies specific target by radio signals, and reads and writes relevant data, without Identifying system and this target have mechanical either optical contact.Each RFID tag has unique electronic code.

NFC (Near Field Communication), i.e. wireless near field communication, are initiated by PHILIPS Co., by A featured wireless technology of the well-known manufacturers such as Nokia, Sony joint.NFC is by non-contact radio-frequency identification (RFID) and interconnection Interworking technology integration is evolved, and combines induction type card reader, icah wavw and point-to-point function, energy on a single chip It is identified and exchanged data in short distance with compatible equipment.This technology is initially the letter of RFID technique and network technology It is single to merge, a kind of short-distance wireless communication technology is had evolved into now, and developing state is quite rapid.

Credible label described in this patent refers to limited storage space, and carries anti-tamper and anti-repudiation information figure Label, digital label or chip tag, the information carried in this label are carried out by asymmetric encryption techniques method Signature authentication or encryption, the form of expression can be two dimensional code, RFID tag, NFC label, electronic tag, chip tag, Sensor tag etc..

With the development of computer security technique, rivest, shamir, adelman has at home and abroad been widely used.But This mature technology never has the safety issue for being used to properly settle the labels such as two dimensional code or NFC, one of root The problem of person's character is the nothing since the intrinsic information storage space of the labels such as two dimensional code, RFID tag or NFC label is extremely limited Method include again while carrying more raw information for guaranteeing safe complete digital certificate, digital signature, timestamp, Or other asymmetric encryption information, therefore it not can solve the distribution problem of the verification information, it just can not be using described non- Symmetric cryptosystem.In this patent, we have proposed the methods for properly settling the distribution problem.

Traditional anti-counterfeiting technology include Laser Holographic Counterfeit-proof Technique, chemical ink anti-counterfeiting technology, latent image anti-counterfeiting technology, Miniature anti-counterfeiting technology etc..These existing technologies do not have uniqueness and exclusivity, are easily replicated to cannot achieve real meaning It is anti-fake in justice.Also occur at present it is some by realizing anti-fake technological means to two dimensional code or RF tag encryption, still The encryption of anti-counterfeiting information in the prior art is to be realized by publisher's proprietary technology, therefore different publishers needs with not With equipment or software verify, cause to verify equipment or software can not generalization, and safety also cannot be guaranteed, thus It is extremely limited the promotion and application of these anti-counterfeiting technologies.

Summary of the invention

The purpose of the present invention is to provide a kind of generations of credible label and verification method and system, it is intended to solve existing skill The problems such as art safety is poor, realizes complexity, at high cost, poor universality.

It proposes directly digital certificate can be embedded in the distribution problem for realizing certificate in credible label in the present invention, therefore The digital certificate for the credible label owner of acquisition that authentication module can be convenient, to realize label substance using digital signature Anti-tamper purpose.In addition, according to the different purposes of digital certificate, CA can specify different validity periods when signing and issuing digital certificate. After digital certificate is expired, CA will no longer guarantee the authenticity of its content information, thus expired digital certificate be it is invalid, no It is believable.For some reason, as private key for user leaks or the identity of user changes, initiative abolishes former certificate, from And CA is caused to announce digital certificate failure.These factors constrain the validity period of credible label.This patent draws in credible label Enter Digital Time-stamp, for proving the Production Time of credible label, to efficiently solve this defect.Because of digital signature It is anti-tamper to achieve the purpose that can to guarantee the integrality of information with timestamp, therefore in specific implementation, label The anti-tamper of the contents such as the network address of raw information, tag identifier and commodity sign, authentication server can be by digital signature It realizes, can also be realized respectively by one of both simultaneously with timestamp.

Credible label owner needs to pay every year the annual fee of great number for the digital certificate of oneself, therefore credible in order to reduce The cost of label owner proposes the scheme for exempting from digital certificate in the present invention, or generated using label owner oneself Unsymmetrical key.The public-key cryptography and private cipher key of credible label owner can be generated by three kinds of approach: 1) by IBC's Key generation centre (KGC) generates public-key cryptography and private cipher key, can be the identity such as company of credible label owner The information such as title, IP address, E-mail address, phone number are as public-key cryptography；2) it is generated by the key generation centre of CPK Public-key cryptography and private cipher key, can be the identity of credible label owner such as Business Name, IP address, E-mail address The information such as location, phone number are as the user identifier for generating key；3) public-key cryptography is generated by unsymmetrical key Core Generator And private cipher key, and public-key cryptography and identity information are stored in the public-key cryptography library in local or cloud, it is open by retrieval The validity of public-key cryptography is verified in cipher key store with the presence or absence of the disclosure key.Credible label substance is tampered in order to prevent, Private cipher key, relevant parameter and the signature algorithm that credible label owner is generated using above-mentioned three kinds of methods are to credible label Content sign.Because of the signature obtained by private cipher key, can only be just able to verify that by corresponding public-key cryptography, thus Ensure the authenticity and non repudiation of owner's identity of credible label.

In order to simplify the generation and verifying of credible label, and the credible label owner generation of convenient not digital certificate Credible label, this patent propose trusted identity timestamp on the basis of trusted timestamp.Not with traditional trusted timestamp Same to be characterized in that, trusted identity timestamp increases identity information, i.e., is made of four parts:

(1) digital digest (digest) for the file that need to be added timestamp；

(2) identity information by certification of the owner for the file that need to be added timestamp；

(3) trusted timestamp server receives the date and time of file；

(4) digital signature of trusted timestamp server (according to (1), (2) and (3) content are generated).

Compared with trusted timestamp, trusted identity timestamp cannot be only used for the anti-tamper and subsequent denial of electronic document, really Determine the correct time of electronic document generation, and the trusted identity of electronic document owner can be verified.Therefore, when trusted identity Between stamp be applicable not only to credible label, be also applied for the electronic document of other forms, such as electronic contract, electronic insurance policy, electronics hair Ticket etc..

In order to save the expense of credible label and solve the limited defect in credible label intrinsic information space, mark can be used Sign information element (such as label raw information, digital certificate, digital signature, tag identifier, commodity sign, public key information, time Stamp, network address of authentication server etc.) network storage address or query information for inquiring database replace marking Database is downloaded or inquired to the complete content for signing information element by network when verifying label to obtain label information element Complete content, or directly verify beyond the clouds.

Because digital signature and timestamp can guarantee that the integrality of information is anti-tamper to achieve the purpose that, In specific implementation, label information element (such as label raw information, digital certificate, digital signature, tag identifier, commodity mark Knowledge, public key information, timestamp, network address of authentication server etc.) the anti-tamper of content can be by digital signature and timestamp It realizes, can also be realized respectively by one of both simultaneously.

As shown in figure 5, when high-resolution patterned credible label in the first printing, republish and copying and printing When, since printed resolution is lower than output resolution ratio required by credible label graphic, information loss can be generated.Therefore, The credible label of graphic form is replicated in order to prevent, can be by adjusting the resolution ratio and printing of credible label generated Size, make to republish the picture of credible label obtained after replicating or the digital information for being included it is different, thus by comparing The picture for the label verified or the digital information for being included whether the information with the credible label of the first printing saved Unanimously achieve the purpose that credible label anti-copying；It can also be by adjusting the resolution ratio and printing ruler of credible label generated Very little, although the label for obtaining the first printing produces the loss of information or the mistake of information, but still can be with by error correction Correctly distinguished, however the label by replicating the first printing loses more information or introduces more mistakes, So that being more than the error correcting capability of credible label so that it cannot correct distinguish, to reach the mesh of credible label anti-copying 's；It, can be in credible label in order to avoid duplicator evades by amplifying the method for credible label graphic the loss of printing information In the credible label comprising the first printing dimension information, and the size is digitally signed to prevent from being tampered, When verifying credible label, dimension information included in the printed dimensions and label by comparing current credible label is realized The purpose of credible label anti-copying.

Specifically, the present invention discloses generation and the verification method of a kind of credible label based on rivest, shamir, adelman, The following steps are included:

Step 1: credible tag format is set by raw information；

Step 2: credible tag encryption protocol module is set；

Step 3: it is believable that encryption is generated according to the raw information of credible tag format and credible tag encryption protocol module Credible label；

Step 4: when verifying credible label, by verifying credible tag encryption protocol module, the original letter of credible label is determined The authenticity and non repudiation of the integrality and non-repudiation of breath and credible label owner identity；

The credible tag encryption protocol module includes digital certificate information and digital signature information；It is verified in step 4 It can beacon

When signing cryptographic protocol module, the validity by verifying the digital certificate information in credible label verifies credible label Owner

Identity, the integrality of credible label raw information is determined by verifying the digital signature information in credible label.

A kind of generation of the credible label based on rivest, shamir, adelman and verification method, comprising the following steps:

Step 1: credible tag format is set by raw information；

Step 2: credible tag encryption protocol module is set；

Step 3: it is believable that encryption is generated according to the raw information of credible tag format and credible tag encryption protocol module Credible label；

Step 4: when verifying credible label, by verifying credible tag encryption protocol module, the original letter of credible label is determined The authenticity and non repudiation of the integrality and non-repudiation of breath and credible label owner identity；

The credible tag encryption protocol module include digital certificate information, digital signature information, trusted timestamp or Person is credible

Identity timestamp information；When step 4 verifies credible tag encryption protocol module, by verifying in credible label Number

The validity of certificate information authenticates the identity of credible label owner, by verifying the digital signature in credible label Information is true

The integrality of the raw information of fixed credible label, by verifying trusted timestamp or credible body in credible label Part time

Stamp information ensures that credible label generates the integrality of time and content.

A kind of generation of the credible label based on rivest, shamir, adelman and verification method, comprising the following steps:

Step 1: credible tag format is set by raw information；

Step 2: credible tag encryption protocol module is set；

Step 3: it is believable that encryption is generated according to the raw information of credible tag format and credible tag encryption protocol module Credible label；

Step 4: when verifying credible label, by verifying credible tag encryption protocol module, the original letter of credible label is determined The authenticity and non repudiation of the integrality and non-repudiation of breath and credible label owner identity；

The credible tag encryption protocol module includes trusted identity timestamp information；Verifying credible tag encryption association Discuss module

When, pass through the trusted identity timestamp information in the credible label of verifying, it is ensured that credible label generates time and interior That holds is complete

Whole property, and the identity of the credible label owner of certification.

A kind of generation of the credible label based on rivest, shamir, adelman and verification method, comprising the following steps:

Step 1: credible tag format is set by raw information；

Step 2: credible tag encryption protocol module is set；

Step 3: it is believable that encryption is generated according to the raw information of credible tag format and credible tag encryption protocol module Credible label；

Step 4: when verifying credible label, by verifying credible tag encryption protocol module, the original letter of credible label is determined The authenticity and non repudiation of the integrality and non-repudiation of breath and credible label owner identity；

The cryptographic protocol module includes public key information and digital signature information；

When verifying credible tag encryption protocol module, label owner's identity is verified by verifying public key information It is true

Property and non repudiation, determine credible label raw information by verifying the digital signature information in credible label Integrality

And non repudiation.

A kind of generation of the credible label based on rivest, shamir, adelman and verification method, comprising the following steps:

Step 1: credible tag format is set by raw information；

Step 2: credible tag encryption protocol module is set；

Step 3: it is believable that encryption is generated according to the raw information of credible tag format and credible tag encryption protocol module Credible label；

Step 4: when verifying credible label, by verifying credible tag encryption protocol module, the original letter of credible label is determined The authenticity and non repudiation of the integrality and non-repudiation of breath and credible label owner identity；

The credible tag encryption protocol module include public key information, digital signature information, trusted timestamp or Person is credible

Identity timestamp information；

When verifying credible tag encryption protocol module, label owner's identity is verified by verifying public key information It is true

Property and non repudiation, determine credible label raw information by verifying the digital signature information in credible label Integrality

And non repudiation, ensured by verifying trusted timestamp in credible label or trusted identity timestamp information It can beacon

Label generate the integrality of time and content.

Public key information in the credible label authenticates the identity of credible label owner according to the following method:

A. if public-key cryptography and private cipher key are the key generation centres by identity-based id password system (IBC) It generates, then the public key information includes the parameter information of public-key cryptography and verifying signature, or including storing public-key cryptography The network address information of information, or include the query information for inquiring the database comprising public key information；If can Digital signature authentication in beacon label passes through, then proves that public-key cryptography is legal, has also turned out the identity of credible label owner It is credible；

B. if public-key cryptography and private cipher key are raw by the key generation centre of Conbined public or double key management system (CPK) At, then the public key information includes public key matrix and mapping algorithm, or the network including storing public key information Location information, or include the query information for inquiring the database comprising public key information；If the number in credible label Word signature verification passes through, then the entity identifier for including in attestation-signatures is legal, has also turned out the identity of credible label owner It is credible；

C. it if public-key cryptography is the common key not comprising identification information, and is not included in digital certificate, then The public key information includes public-key cryptography, perhaps including store public key information network address information or including For inquire include public-key cryptography database query information, when verify public-key cryptography legitimacy need inquire local or Public-key cryptography library in cloud server,

If there are the digital signature authentications in the public-key cryptography and credible label to pass through in public-key cryptography library, Think that the identity of credible label owner is credible, it is otherwise insincere；

If the corresponding private cipher key of public-key cryptography has been leaked or failed, in the public-key cryptography library in local or cloud Delete corresponding public key information；Signature or Encryption Algorithm may be embodied in public key information, also can store Local or cloud；

D. if public-key cryptography is included in the digital certificate of oneself signature, the identity for authenticating credible label owner uses institute The method for stating C；If public-key cryptography is included in the digital certificate that authentication center CA is signed and issued, the public key information packet Digital certificate information is included, network address information perhaps including digital certificate information or including for inquiring comprising number The query information of the database of word certificate information, if digital certificate authentication passes through, and the digital signature in credible label is tested Card passes through, then the identity of credible label owner is credible, otherwise insincere.

The trusted identity timestamp is by trusted identity time stamp server to the precise date from authoritative time source And the time, according to credible label raw information generate digital digest, the identity information of the credible label owner by audit, It is digitally signed and generates.

If credible label is a kind of graphical label, because of output resolution ratio=image resolution ratio ÷ output image size, So making desired output resolution ratio by adjusting the resolution ratio of credible label generated and the printed dimensions of credible label Higher than the output resolution ratio of practical printing equipment, make to republish or the picture of credible label obtained after replicating or the number for being included Word information is different, thus by comparing the label verified picture or included digital information whether with saved first The information of the credible label of secondary printing unanimously achievees the purpose that credible label anti-copying；

If credible label has an error correcting capability, the graphics resolution of adjustable credible label and credible label Printed dimensions make desired output resolution ratio be higher than the output resolution ratio of practical printing equipment, therefore printing will all introduce every time New misprint makes the mistake generated when the first printing be not above level of error correction set by credible label, therefore still It can be distinguished by successful correction and correctly；However it is printed again by the credible label graphic of the duplication first printing When because introduce more misprints to be more than credible label set by level of error correction, the duplication can beacon Label will be unable to correctly distinguish, to realize the anti-copying of credible label；

It can in the label include label sizes information if credible label is a kind of graphical label of anti-copying, when When verifying credible label, graphical label is determined by size nominal in the full-size(d) and label of comparison current Graphics label Whether it is replicated and modifies.

Include credible tag identifier in the raw information of the credible label, is one for identifying a credible label Unique coding；

Include commodity sign in the raw information of the credible label, is one for identifying unique volume an of commodity Code；

If a credible label can be replicated, need first in each credible label comprising credible tag identifier When secondary verifying, the record verifying event information in authentication module or background server, to evade the same credible label quilt It reuses, in addition to realize to the multiple fake certifications of a commodity, needs on the part commodity that have should using multiple The credible label of the Unique Product mark of commodity, wherein the commodity sign of each credible label part commodity having the same and each From unique tag identifier, in addition, each credible label before verifying for the first time because these credible labels can be replicated It is secrecy (as increased coating)；

If a credible label is that irreproducible (such as chip tag has unique irreproducible ID, can be with Using the information as a part of tag identifier or tag identifier, to guarantee the uniqueness of the credible label and not reproducible Property), so comprising certain part commodity sign label can be used for the anti-fake of the part commodity, and it is not required to before verifying for the first time Any secrecy processing is done to the credible label；

If the tag identifier of a credible label is that irreproducible and label other contents can be written, This label can be recorded and be recycled in background program after commodity are used, and then re-write new commodity sign and be used for Another commodity it is anti-fake, to reduce anti-counterfeiting cost；

It is undesirable that credible label is reused, then credible label and commodity can be made to bind, when commodity are used It removes and is destroyed on Shi Kexin tags from merchandise.

The effective storage life that may include the label in the raw information of the credible label is verifying credible label When, while current time is verified whether in the effective storage life of the label, if current time is not in the effective of the label Using in the time, then the credible label is insincere.

If including digital certificate information in credible label, when being verified, number card is shown in display module Letter breath, so that verifier be facilitated to understand the identity information of credible label owner and the issuer information of digital certificate；

If in credible label including timestamp information, when being verified, Presentation Time Stamp is believed in display module Breath, so that verifier be facilitated to understand generation time of credible label；

If in credible label including trusted identity timestamp, show that trusted identity timestamp is believed when being verified Breath, so that verifier be facilitated to understand the generation time of credible label and the identity information of credible label owner；

If time t2 and the location information P2 and time t1 of last time good authentication that successful acquisition is verified to this and Location information P1 then calculates the displacement R=(P2-P1) and time difference T=(t2-t1) verified twice, and obtains speed V=R/T, If the value of speed V is more than the early warning speed (such as 100 kilometers per hour) of setting, alarm is generated in display module or cloud Information, during this verifying and last time verifying, verified label is being more than the speed operation of V for expression, is marked according to verifying The actual conditions of label and the size of speed V, can detect to a certain extent whether verified label is replicated.

A. the credible label includes at least one of:

A. complete digital certificate content；

B. the partial content of digital certificate；

C. the network storage address of digital certificate；

D. digital certificate library information；

E. digital certificate LIST SERVER information；

F. complete digital certificate chains；

G. the network storage address of digital certificate chains；

H. for inquiring the query information of the database comprising digital certificate or digital certificate chains；

I. complete digital signature；

J. the network storage address of digital signature；

K. for inquiring the query information of the database comprising digital signature；

L. complete public key information；

M. the network storage address of public key information；

N. for inquiring the query information of the database comprising public key information；

O. the tag identifier of credible label；

P. the commodity sign of credible label；

Q. the validity period of credible label；

R. complete credible label raw information；

S. the HASH value of credible label raw information；

T. the network storage address of credible label raw information；

U. for inquiring the query information of the database comprising raw information；

V. the identity information of credible label owner；

W. the network address of credible label Verification server；

B. if the credible label includes the network storage address of digital certificate or digital certificate chains, verifying can beacon Pass through network downloading digital certificate when signing cryptographic protocol module；

C. if the credible label includes the information of digital certificate library or LIST SERVER, credible label is verified Pass through network downloading or enquiring digital certificate when cryptographic protocol module；

D. if the credible label includes the network storage address of public key information, credible tag encryption association is verified Public key information is downloaded by network when discussing module；

E. if the credible label includes the network storage address of digital signature, credible tag encryption agreement is verified Digital signature is downloaded by network when module；

F. it if the credible label includes the network storage address of trusted timestamp or trusted identity timestamp, tests Trusted timestamp or trusted identity timestamp are downloaded by network when demonstrate,proving credible tag encryption protocol module；

G. it if including the identity information of credible label owner in the credible label raw information, verifies credible It can be by comparing identity information, the identity information in digital certificate, trusted identity in credible label raw information when label Whether the identity information in timestamp is credible come the identity for further verifying credible label owner；

H. the downloading and verifying of the credible label information may operate in the local of authentication module, also may operate in Cloud；

I. the raw information can be in plain text, can also be by encryption；

J. the raw information can be the HASH value or original contents of label original contents perhaps original contents Network storage address, or for inquire include original contents database query information；

K. if there is the credible label full stop to indicate that raw information terminates, credible tag encryption can be assisted View module is placed on behind the full stop；

L. the credible label is the form of printing or electronics；

M. the credible label is two dimensional code perhaps customized pattern perhaps RFID tag or NFC label, or Person's electronic tag, chip tag or sensor tag.

A kind of anti-counterfeiting system of credible label, including unsymmetrical key or digital certificate generate center, credible tag encryption Protocol module storage server, credible label generate and verifying equipment and credible label Verification server, it is characterised in that:

Unsymmetrical key or digital certificate generate center, are used to generate digital certificate or asymmetric to credible label owner Key；Credible tag encryption protocol module storage server, for storing the credible tag encryption agreement of credible label owner Module information, including public key information or digital certificate information or digital signature information or trusted timestamp or credible body Part timestamp information；

Credible label Verification server, for recording the verifying event of credible label and the details of anti-counterfeit commodities, It can be used for executing the authentication module of credible label, realize cloud verifying；

The generation of credible label with verifying equipment include:

Trusted timestamp generation module generates digital digest according to credible label substance, and takes to the trusted timestamp Business device application trusted timestamp, and the trusted timestamp is inputted into credible tag generation module；

Trusted identity timestamp generation module generates digital digest according to credible label raw information, and to described credible Identity time stamp server application trusted identity timestamp, and the trusted identity timestamp is inputted into credible label and generates mould Block；

The tag identifier generation module of credible label generates unique tag identifier for each label；

The commodity sign generation module of credible label is that every commodity generate unique commodity sign；

Unsymmetrical key generation module generates oneself private cipher key and public-key cryptography for label owner；

Credible tag generation module, according to credible label raw information or tag identifier or commodity sign or Label validity period or public key information or digital certificate information or digital signature information or trusted timestamp, Or trusted identity timestamp information, generate credible label；

Credible tag readable degree module extracts the digital certificate information being verified in credible label, and is output to number Certification authentication module；The digital signature being verified in credible label is extracted, and is output to digital signature authentication module；It extracts The trusted timestamp being verified in credible label, and it is output to trusted timestamp authentication module；Extraction is verified can beacon Trusted identity timestamp in label, and it is output to trusted identity timestamp verification module；Extraction is verified in credible label Tag identifier, and be output to tag identifier authentication module；Extract the commodity sign that is verified in credible label, and by its It is output to commodity sign authentication module；

Digital certificate authentication module, verifying digital certificate information confirm the authenticity of credible label owner identity；

Digital signature authentication module, verifying digital signature confirm the integrality of credible label substance；

Trusted timestamp authentication module, verifying trusted timestamp confirm credible label substance integrality and credible label The generation time；

Trusted identity timestamp verification module verifies the trusted identity timestamp and confirms the complete of credible label substance Property, the authenticity of the generation time of credible label and credible label owner identity；

The tag identifier authentication module of credible label, inquiring the tag identifier in local or credible label Verification server is It is no to have there is verifying to record, if it is verifying for the first time, then the information of this verifying event is recorded on local or authentication server, Otherwise already existing verifying event information is returned；

The commodity sign authentication module of credible label records the commodity sign on local or credible label Verification server This verifying event information, and return to already existing verifying event information；

Credible label Verification result display module shows that the digital certificate information after being verified or credible label are raw At the time, or corresponding verifying event information and merchandise news.

Credible tag encryption protocol module storage server is X.500 LIST SERVER or ldap directory server, or Person's Web server perhaps ftp server perhaps dns server or cloud storage service device；

Credible label Verification server is that have to record credible label Verification event, commodity purchasing event, commodity and believe in detail The data server of breath；

Credible label Verification server can execute credible label Verification module (including digital certificate authentication module or Digital signature authentication module or trusted timestamp authentication module or trusted identity timestamp verification module or label mark Know authentication module or commodity sign authentication module etc.), to realize the cloud verifying of credible label.

Compared with the prior art, the invention has the following advantages and beneficial effects:

(1) the credible label that generates of the present invention can easily distribute the digital certificate of credible label owner, and can be with Realize off-line verification；

(2) present invention effectively extends the service life of credible label using timestamp, even if credible label owner Digital certificate is no longer valid, but the credible label made before Certificate Revocation still can continue to use；

(3) present invention is embedded in trusted identity timestamp information in credible label, not only ensure that the complete of credible label Property and non repudiation, and also ensure the genuine and believable of credible label owner identity.Therefore, credible label owner is not Application digital certificate must be removed to generate credible label, to reduce cost.And it can also support off-line verification can beacon Label；

(4) present invention replaces digital certificate using the key based on mark, to eliminate application and maintenance digital certificate Expense；

(5) present invention increases unique credible tag identifier in credible label, to avoid the same credible label It is reused；

(6) present invention increases unique commodity sign in credible label, and ensures on same part commodity using identical Commodity sign, to realize to the multiple fake certifications of same part commodity；

(7) present invention is by recycling irreproducible credible label, so as to reduce anti-counterfeiting cost；

(8) present invention increases the validity period of credible label in credible label, so that credible label be made to be provided with timeliness Property；

(9) present invention can show digital certificate information in credible label Verification result display module, and credible label is raw At temporal information and the identity information of credible label owner, the verification time for the first time of commodity, production and logistics of commodity etc. Detailed information of tracing to the source；

(10) present invention is by utilizing label information element (such as label raw information, digital certificate, digital signature, label Mark, commodity sign, public key information etc.) network storage address or query information for inquiring database replace label The complete content of information element realizes the purpose for saving credible label expense, to make technical solution of the present invention ideally Solves the lesser defect in certain label intrinsic informations space；

(11) present invention is by adjusting the resolution ratio of patterned credible label generated and the size of output pattern, Make to republish or the picture of credible label obtained after replicating or the digital information for being included obtained with the first printing it is credible Label is different, or the credible label for alloing the credible label of the first printing correctly to distinguish and replicate again can not be distinguished, from And achieve the purpose that patterned credible label anti-copying；And the dimension information of graphical label is contained in credible label, To prevent the figure of credible label to be amplified duplication.

More specifically, the present invention is to realize the goal of the invention of the digital certificate for simply distributing credible label owner, It is directly that the digital certificate of label owner is embedding when generating credible label in the generation of use and verification method and system Enter credible label, not only solve the problems, such as credential distribution, and the off-line verification of credible label may be implemented.In order to which make can beacon Label may include more raw informations, can the digital certificate content of embedded part or the network storage of digital certificate Address, or for the query information of enquiring digital certificate database, to realize the distribution of digital certificate.

The present invention is in order to solve the Problem of Failure of digital certificate, in the generation of use and verification method and system, in life Trusted timestamp is introduced when at credible label, while guaranteeing anti-tamper credible label and subsequent denial, also determining can Believe the correct time of forming label.It therefore, can be according to the system of credible label when digital certificate is expired or failure It is whether still credible that credible label is verified as the time.Although credible label is in number for example, digital certificate is expired It is generated in the validity period of word certificate, then credible label is still credible.

In order to reduce the cost of credible label owner and simplify the purpose of credible label anti-counterfeit, the generation of use with test It demonstrate,proves in method and system, proposes a kind of novel trusted timestamp with identity information.It is credible compared with trusted timestamp Identity timestamp is signed and issued after applicant's identity is verified at authoritative time-stamping service center.Therefore, trusted identity timestamp Be one can prove that electronic document be applicant by verification a time point with regard to it is already existing, complete, can verify that , electronic certificate with legal effect.After credible label owner application is to trusted identity timestamp, do not having number In the case where certificate, it still is able to generate believable credible label.

The present invention in order to reduce or remit the cost of credible label owner application and maintenance digital certificate, the generation of use with test It demonstrate,proves in method and system, when generating credible label, replaces digital certificate information with the public key information of label owner, Be exactly directly public key information perhaps the network storage address of public key information or for inquire comprising disclose it is close The query information of the database of key information is embedded into credible label.Pass through the identity mark in verifying public-key cryptography or signature Know, or retrieval public-key cryptography whether there is the validity that public-key cryptography is verified in the public-key cryptography library in local or cloud, And the identity information of the credible label owner of verifying.

The present invention in order to avoid credible label reuse, in the generation and verification method and system of use, every A unique tag identifier is increased in one credible label, and on authentication server to for the first time verifying event into Row records, including verifying Time To Event, the IP address of verifier, geographical location information locating for verifier etc..

The present invention is in order to realize the multiple fake certification to same part commodity, in the generation and verification method and system of use In, identical commodity sign is arranged in multiple credible labels to use on same part commodity, and the commodity sign is part quotient Product are exclusive.

The present invention is in order to reduce the use cost of credible label, in the generation of use and verification method and system, if The tag identifier of credible label be it is irreproducible (such as RFID have not revisable unique electronic code, this coding can quilt A part of mark or credible tag identifier as credible label), then after merchandise sales, it can recycle and modify verifying After the database of server, the credible label is reused, is recycled to realize.

The present invention in order to meet certain credible labels of application scenarios requirement with certain timeliness, use generation with In verification method and system, validity period information is increased in credible label, to guarantee that credible label can only be in the validity period Inside it is verified.

Verifier uses credible label to the present invention for convenience, in the generation of use and verification method and system, The identity information of the owner of credible label, digital certificate information, the credible label generation time, the verification time for the first time of commodity, The details such as the production and logistics of commodity are shown in authentication module, so that it is guaranteed that understand in detail can beacon by credible label Verification person The relevant information of label and commodity.

The present invention by using label information element (such as label raw information, digital certificate, digital signature, tag identifier, Commodity sign, public key information etc.) network storage address or query information for inquiring database replace label information The complete content of element realizes the purpose for saving credible label expense, so that technical solution of the present invention be made ideally to solve Certain credible label intrinsic information spaces lesser defects.

The credible label of present invention graphic form in order to prevent is replicated, can be by adjusting credible label generated Resolution ratio and printed dimensions, make to republish or the picture of credible label obtained after replicating or the digital information for being included not Together, thus by comparing the picture of label verified or the digital information for being included whether with the first printing that has saved The information of credible label unanimously achievees the purpose that credible label anti-copying；It can also be by adjusting point of credible label generated Although resolution and printed dimensions, the label for obtaining the first printing produce the loss of information or the mistake of information, but logical Crossing error correction still can correctly distinguish, however the label by replicating the first printing loses more information or introducing More mistakes, so that being more than the error correcting capability of credible label so that it cannot correct distinguish, to reach credible label The purpose of anti-copying；It, can be in order to avoid duplicator evades by amplifying the method for credible label graphic the loss of printing information In credible label comprising the first printing credible label dimension information, and to the size be digitally signed to prevent It is only tampered, when verifying credible label, believes by comparing the size for including in the printed dimensions and label of current credible label Breath, realizes the purpose of credible label anti-copying.

Detailed description of the invention

Fig. 1 is generation and verification method of the present invention using the credible two-dimension code anti-tamper applied to information based on PKI And the building-block of logic of system

Fig. 2 is that the present invention uses the generation for being applied to the anti-tamper credible two-dimension code of information of trusted identity timestamp and tests Demonstrate,prove the building-block of logic of method and system

Fig. 3 is the present invention using generation and the verification method of the credible label applied to commodity counterfeit prevention based on PKI and is The building-block of logic of system

Fig. 4 is generation and authentication of the present invention using the credible label applied to commodity counterfeit prevention of trusted identity timestamp The building-block of logic of method and system

Fig. 5 is the present invention using generation and the verification method of the credible label applied to commodity counterfeit prevention of public-key cryptography and is The building-block of logic of system

Fig. 6 is generation and verification method of the present invention using the credible label applied to commodity counterfeit prevention based on IBC or CPK And the building-block of logic of system

Fig. 7 is the schematic diagram that the present invention realizes anti-copying by adjusting the output resolution ratio of the credible label of figure

Specific embodiment

The raw information that user can be allowed to confirm that credible label is included by using technical solution of the present invention it is complete Property and non-repudiation.In order to understand technical solution of the present invention more easily, combined by taking credible two-dimension code as an example below specific Diagram is further elaborated.

According to Fig. 1, specific embodiments of the present invention (one) are as described below:

Step 1: authentication center CA is that two dimensional code service provider generates digital certificate；

Step 2: two dimensional code service provider generates digital signature, time stamp server two by Digital Signature module It ties up code and generates timestamp；

Step 3: two-dimensional code generation module is signed according to two dimensional code raw information, digital certificate information, timestamp and number Name and generation parameter appropriate generate two dimensional code；

Step 4: when using or verifying two dimensional code, two dimensional code is correctly distinguished by two dimension code reading module, is mentioned Information therein is taken, and is output to timestamp verification module, digital certificate authentication module and digital signature authentication module；

Step 5: timestamp verification module acquisition time from reading information is stabbed information and is verified to it, if verifying is logical It crosses, then shows that QR code content is complete, otherwise two dimensional code is insincere；

Step 6: digital certificate authentication module obtains digital certificate information from reading information, and it is verified with Confirm the identity of two dimensional code service provider；

A. if digital certificate is legal and still in validity period, then it is assumed that the identity of two dimensional code service provider is credible；

B. if digital certificate is although legal but be revoked, but when the generation time of timestamp is earlier than digital certificate revocation Between, and the revocation of certificate the reason is that because of certificate expired, then the identity of two dimensional code service provider is credible, and prompts digital certificate Revocation the reason is that certificate expired；

C. if digital certificate is although legal but be revoked, but when the generation time of timestamp is earlier than digital certificate revocation Between, and certificate revocation the reason is that because certificate and private key divulge a secret, then two dimensional code service provider identity still have it is lower can Reliability needs clearly to prompt the revocation of digital certificate the reason is that certificate and private key is divulged a secret to user.

Step 7: digital signature authentication module obtains digital signature from reading information and verifies to it, if tested Card passes through, then the two dimensional code is not tampered with or forges, and the content in two dimensional code is credible, otherwise insincere.

Whether come from very by using the commodity that technical solution of the present invention can allow user's confirmation to put up credible label Real commodity production manufacturer.In order to understand technical solution of the present invention more easily, make further below with reference to being specifically illustrating Elaboration.

According to Fig. 3, specific embodiments of the present invention (two) are as described below:

Step 1: authentication center CA is that commodity production manufacturer generates digital certificate；Tag identifier generation module generates label Mark；Commodity sign generation module generates commodity sign；

Step 2: digital certificate that commodity production manufacturer obtains the step 1, raw information (including commerical batches, Commodity production time, production site, Corporation web site etc.), tag identifier and commodity sign input digital signature generation module with life At digital signature；Digital digest is generated according to raw information, tag identifier and commodity sign and to when time stamp server application Between stab；

Step 3: credible tag generation module is demonstrate,proved according to raw information, tag identifier, commodity sign, digital signature, number Book and timestamp and generation parameter appropriate, generate credible label；

Step 4: when using or verifying credible label, credible label is carried out by credible tag readable degree module correct Recognition, extracts information therein, and be output to tag identifier authentication module, commodity sign authentication module, digital certificate and test Demonstrate,prove module, digital signature authentication module and timestamp verification module；

Step 5: timestamp verification module acquisition time from reading information is stabbed information and is verified to it, if verifying is logical It crosses, then shows that credible label is complete, otherwise credible label is insincere and terminates entire verification process, then in credible label Verification Result display module prompt time stabs authentication failed；

Step 6: digital certificate authentication module obtains digital certificate information from reading information, and verifies to it, such as Then credible label is insincere for fruit authentication failed, and terminates entire verification process, then in credible label Verification result display module Middle prompt digital certificate authentication failure, meets following three situation and is believed that credible label owner's (i.e. commodity production manufacturer) Identity is credible:

A. if digital certificate is legal and still in validity period, then it is assumed that the identity of commodity production manufacturer is credible；

B. if digital certificate is although legal but be revoked, but when the generation time of timestamp is earlier than digital certificate revocation Between, and the revocation of certificate the reason is that because of certificate expired, then the identity of commodity production manufacturer is credible, and shows mould in verification result Prompt the revocation of digital certificate the reason is that certificate expired in block；

C. if digital certificate is although legal but be revoked, but when the generation time of timestamp is earlier than digital certificate revocation Between, and the revocation of certificate the reason is that because certificate and private key is divulged a secret, then the identity of commodity production manufacturer still has lower credible Degree, needs clearly to prompt the revocation of digital certificate the reason is that certificate and private key is divulged a secret to user in verification result display module.

Step 7: digital signature authentication module obtains digital signature from reading information and verifies to it, if tested Card passes through, then the credible label is not tampered with or forges, and the content in credible label is credible, and otherwise label substance is insincere simultaneously Terminate entire verification process, digital signature authentication failure is then prompted in credible label Verification result display module；

Step 8: tag identifier authentication module obtains tag identifier from reading information, inquires credible label Verification service Whether the tag identifier has had verifying to record in device, if do not recorded, this verifying thing is recorded on authentication server The information of part is (locating when including facility information used in verification time, verifier, the IP address of verifier, verifier's verifying Geographical location etc.), and continue the verifying of credible label；If have existed record, and credible label be it is reproducible, then directly It connects and jumps to step 10；

Step 9: commodity sign authentication module obtains commodity sign from reading information, in credible label Verification server Whether middle inquiry commodity sign has had verifying to record, if do not recorded, this verifying is recorded on authentication server The information of event；

Step 10: credible label Verification result display module is read and display label identity verification module and commodity sign are tested Card module return as a result, if credible label be it is irreproducible, show verification time for the first time and merchandise news；If can Beacon label are reproducible, and this verifying is the verifying for the first time bought after commodity, and without being somebody's turn to do on authentication server The tag identifier of credible label and the verifying record of commodity sign, then the commodity are from the factory for possessing the digital certificate Otherwise quotient shows that the credible label is to obtain by duplication, and judge the commodity for fakement；If this verifying is purchase commodity Afterwards non-is verified for the first time, and does not have the verifying of the credible label to record but have existed identical commodity mark on authentication server The verifying of knowledge records, then shows that the commodity from the production firm for possessing the digital certificate, and are bought in the commodity sign It is corresponding to verify recorded time for the first time, otherwise show that the credible label is to obtain by duplication and the commodity are fakement.

According to Fig. 4, specific embodiments of the present invention (three) are as described below:

Step 1: tag identifier generation module generates tag identifier；Commodity sign generation module generates commodity sign；According to Label raw information, tag identifier and commodity sign and the identity information of commodity production manufacturer generate digital digest, and to can Letter identity time-stamping service center is filed an application, after the identity of commodity production manufacturer is verified at trusted identity time-stamping service center, According to the digital digest, precise date/time by the identity information of audit, and from authoritative time source is signed Name generates trusted identity timestamp；

Step 2: credible tag generation module according to raw information, tag identifier, commodity sign, production firm identity Information and trusted identity timestamp and generation parameter appropriate, generate credible label；

Step 3: when using and verifying credible label, credible label is carried out by credible tag readable degree module correct Recognition, when extracting information therein, and being output to tag identifier authentication module, commodity sign authentication module and trusted identity Between stab authentication module；

Step 4: trusted identity timestamp verification module obtains trusted identity timestamp information from reading information and to it Verifying, if the verification passes, then shows that credible label is complete, otherwise credible label is insincere and terminates entire verification process, so Trusted identity timestamp authentication failed is prompted in credible label Verification result display module afterwards；

Step 5: tag identifier authentication module obtains tag identifier from reading information, inquires credible label Verification service Whether the tag identifier has existed verifying record in device, if do not recorded, this verifying is recorded on authentication server The information of event is (locating when including facility information used in verification time, verifier, the IP address of verifier, verifier's verifying Geographical location etc.), and continue the verifying of credible label；If have existed record, and credible label be it is reproducible, then Leap to step 7；

Step 6: commodity sign authentication module obtains commodity sign from reading information, in credible label Verification server Whether middle inquiry commodity sign has existed verifying record, if do not recorded, records this on authentication server and tests The information of card event；

Step 7: credible label Verification result display module is read and display label identity verification module and commodity sign are tested Card module return as a result, if credible label be it is irreproducible, show verification time for the first time and merchandise news；If can Beacon label are reproducible, and this verifying is the verifying for the first time bought after commodity, and without being somebody's turn to do on authentication server The tag identifier of credible label and the verifying record of commodity sign, then the commodity are from body described in trusted identity timestamp Otherwise the corresponding production firm of part information shows that the credible label is to obtain by duplication, and judge the commodity for fakement；If This verifying is that non-after buying commodity is verified for the first time, and do not have on authentication server the verifying of the credible label record but The verifying record for having existed identical commodity sign, then show that the commodity are believed from identity described in trusted identity timestamp Corresponding production firm is ceased, and buys verifying the recorded time for the first time corresponding in the commodity sign, otherwise shows that this is credible Label be by duplication obtain and the commodity be fakement.

According to Fig. 5, specific embodiments of the present invention (four) are as described below:

Step 1: commodity production manufacturer generates the private cipher key of oneself by unsymmetrical key generation module and discloses close Key, and public key information and the identity information of production firm are updated to public key information library, it is generated by tag identifier Module generates the tag identifier of credible label, and the commodity sign of credible label is generated by commodity sign generation module；

Step 2: public-key cryptography that commodity production manufacturer obtains the step 1, raw information (including commerical batches, Commodity production time, production site, Corporation web site etc.), tag identifier and commodity sign input digital signature generation module with life At digital signature；

Step 3: credible tag generation module according to credible label raw information, tag identifier, commodity sign, disclose it is close Key information, digital signature and generation parameter appropriate, generate credible label；

Step 4: when using or verifying credible label, credible label is carried out by credible tag readable degree module correct Recognition, extracts information therein, and be output to public-key cryptography authentication module, digital signature authentication module, tag identifier and test Demonstrate,prove module and commodity sign authentication module；

Step 5: public-key cryptography authentication module obtains public key information from reading information, and in public-key cryptography library Inquiry whether there is the disclosure key, if it is present thinking that the disclosure key is legal, otherwise terminate verification process and assert to be somebody's turn to do Commodity are fakement.

Step 6: digital signature authentication module obtains digital signature from reading information and verifies to it, if tested Card passes through, then the credible label is not tampered with or forges, and the content in credible label is credible, otherwise terminates verification process and recognizes The fixed commodity are fakement；

Step 7: tag identifier authentication module obtains tag identifier from reading information, inquires credible label Verification service Whether the tag identifier has existed verifying record in device, if do not recorded, this verifying is recorded on authentication server The information of event is (locating when including facility information used in verification time, verifier, the IP address of verifier, verifier's verifying Geographical location etc.), and continue the verifying of credible label；If have existed record, and credible label be it is reproducible, then Leap to step 9；

Step 8: the commodity sign authentication module of credible label obtains commodity sign from reading information, in credible label Inquire whether the commodity sign has existed verifying record in authentication server, if do not recorded, on authentication server The information for recording this verifying event, otherwise exports already existing verifying event information to credible label Verification as the result is shown Module；

Step 9: credible label Verification result display module read and show credible label tag identifier authentication module and Commodity sign authentication module return as a result, if credible label be it is irreproducible, show verification time for the first time and commodity Information；If credible label is reproducible, and this verifying is the verifying for the first time bought after commodity, and in the service for checking credentials There is no the verifying of the tag identifier of the credible label and commodity sign record on device, then the commodity are from possessing the disclosure key Production firm, otherwise show that the credible label is obtained by duplication, and judge the commodity for fakement；If this verifying is Non- after purchase commodity is verified for the first time, and does not have the record of the credible label on authentication server but has existed identical quotient The record of product mark then shows that the commodity from the production firm for possessing the disclosure key, and are bought in the commodity sign pair That answers verifies recorded time for the first time, otherwise shows that the credible label is to obtain by duplication and the commodity are fakement.

According to Fig. 6, specific embodiments of the present invention (five) are as described below:

Step 1: being that commodity production manufacturer generates private cipher key and public-key cryptography by IBC or CPK key generation centre, The tag identifier that credible label is generated by tag identifier generation module generates credible label by commodity sign generation module Commodity sign；

Step 2: public key information that commodity production manufacturer obtains the step 1, raw information (including commodity batch Secondary, commodity production time, production site, Corporation web site etc.), tag identifier and commodity sign input digital signature generation module with Generate digital signature；

Step 3: credible tag generation module according to credible label raw information, tag identifier, commodity sign, disclose it is close Key information, digital signature and generation parameter appropriate, generate credible label；

Step 4: when using or verifying credible label, credible label is carried out by credible tag readable degree module correct Recognition, extracts information therein, and be output to digital signature authentication module, tag identifier authentication module and commodity sign and test Demonstrate,prove module；

Step 5: digital signature authentication module obtains digital signature from reading information and verifies to it, if tested Card passes through, then the credible label is not tampered with or forges, and the content in credible label is credible, otherwise terminates verification process and recognizes The fixed commodity are fakement；

Step 6: tag identifier authentication module obtains tag identifier from reading information, inquires credible label Verification service Whether the tag identifier has existed verifying record in device, if do not recorded, this verifying is recorded on authentication server The information of event is (locating when including facility information used in verification time, verifier, the IP address of verifier, verifier's verifying Geographical location etc.), and continue the verifying of credible label；If have existed record, and credible label be it is reproducible, then Leap to step 8；

Step 7: the commodity sign authentication module of credible label obtains commodity sign from reading information, in credible label Inquire whether the commodity sign has existed verifying record in authentication server, if do not recorded, on authentication server The information for recording this verifying event, otherwise exports already existing verifying event information to credible label Verification as the result is shown Module；

Step 8: credible label Verification result display module read and show credible label tag identifier authentication module and Commodity sign authentication module return as a result, if credible label be it is irreproducible, show verification time for the first time and commodity Information；If credible label is reproducible, and this verifying is the verifying for the first time bought after commodity, and in the service for checking credentials There is no the verifying of the tag identifier of the credible label and commodity sign record on device, then the commodity are from possessing the disclosure key Production firm, otherwise show that the credible label is obtained by duplication, and judge the commodity for fakement；If this verifying is Non- after purchase commodity is verified for the first time, and does not have the record of the credible label on authentication server but has existed identical quotient The record of product mark then shows that the commodity from the production firm for possessing the disclosure key, and are bought in the commodity sign pair That answers verifies recorded time for the first time, otherwise shows that the credible label is to obtain by duplication and the commodity are fakement.

Basic principles and main features and advantage of the invention have been shown and described above.The technical staff of the industry should Understand, the present invention is not limited to the above embodiments, and the above embodiments and description only describe originals of the invention Reason, without departing from the spirit and scope of the present invention, the present invention also has various change, these variations both fall within requirement and protect In the scope of the invention of shield.The claimed scope of the invention is defined by the following claims.

Claims (13)

1. generation and the verification method of a kind of credible label based on rivest, shamir, adelman, comprising the following steps:

Step 1: credible tag format is set by raw information；

Step 2: credible tag encryption protocol module is set；

Step 3: it is believable credible that encryption is generated according to the raw information of credible tag format and credible tag encryption protocol module Label；

Step 4: when verifying credible label, by verifying credible tag encryption protocol module, credible label raw information is determined The authenticity and non repudiation of integrality and non-repudiation and credible label owner identity；

The credible tag encryption protocol module includes digital certificate information and digital signature information；It is verified in step 4 credible When tag encryption protocol module, the validity by verifying the digital certificate information in credible label verifies credible label owner Identity, the integrality of credible label raw information is determined by verifying the digital signature information in credible label.

2. generation and the verification method of a kind of credible label based on rivest, shamir, adelman, comprising the following steps:

Step 1: credible tag format is set by raw information；

Step 2: credible tag encryption protocol module is set；

Step 3: it is believable credible that encryption is generated according to the raw information of credible tag format and credible tag encryption protocol module Label；

Step 4: when verifying credible label, by verifying credible tag encryption protocol module, credible label raw information is determined The authenticity and non repudiation of integrality and non-repudiation and credible label owner identity；

The credible tag encryption protocol module includes digital certificate information, digital signature information, trusted timestamp or can Believe identity timestamp information；When step 4 verifies credible tag encryption protocol module, by verifying the number in credible label The validity of certificate information authenticates the identity of credible label owner, is determined by the digital signature information verified in credible label The integrality of the raw information of credible label, by verifying trusted timestamp or trusted identity timestamp letter in credible label Breath ensures that credible label generates the integrality of time and content.

3. generation and the verification method of a kind of credible label based on rivest, shamir, adelman, comprising the following steps:

Step 1: credible tag format is set by raw information；

Step 2: credible tag encryption protocol module is set；

Step 3: it is believable credible that encryption is generated according to the raw information of credible tag format and credible tag encryption protocol module Label；

Step 4: when verifying credible label, by verifying credible tag encryption protocol module, credible label raw information is determined The authenticity and non repudiation of integrality and non-repudiation and credible label owner identity；

The credible tag encryption protocol module includes trusted identity timestamp information；Verifying credible tag encryption agreement mould When block, pass through the trusted identity timestamp information in the credible label of verifying, it is ensured that credible label generates the complete of time and content Whole property, and the identity of the credible label owner of certification.

4. generation and the verification method of a kind of credible label based on rivest, shamir, adelman, comprising the following steps:

Step 1: credible tag format is set by raw information；

Step 2: credible tag encryption protocol module is set；

Step 3: it is believable credible that encryption is generated according to the raw information of credible tag format and credible tag encryption protocol module Label；

Step 4: when verifying credible label, by verifying credible tag encryption protocol module, credible label raw information is determined The authenticity and non repudiation of integrality and non-repudiation and credible label owner identity；

The credible tag encryption protocol module includes public key information, digital signature information, trusted timestamp or can Believe identity timestamp information；

When verifying credible tag encryption protocol module, the true of label owner's identity is verified by verifying public key information Reality and non repudiation determine the integrality of credible label raw information by verifying the digital signature information in credible label And non repudiation, ensure credible label by verifying trusted timestamp in credible label or trusted identity timestamp information Generate the integrality of time and content.

5. generation and the verification method of the credible label according to claim 4 based on rivest, shamir, adelman, feature It is:

Public key information in the credible label authenticates the identity of credible label owner according to the following method:

A. if public-key cryptography and private cipher key are raw by the key generation centre of identity-based id password system (IBC) At then the public key information includes the parameter information of public-key cryptography and verifying signature, or including storage public-key cryptography letter The network address information of breath, or include the query information for inquiring the database comprising public key information；

If the digital signature authentication in credible label passes through, prove that public-key cryptography is legal, has also turned out credible label and gathered around The identity for the person of having is credible；

B. if public-key cryptography and private cipher key are generated by the key generation centre of Conbined public or double key management system (CPK), The public key information includes public key matrix and mapping algorithm, or the letter of the network address including storing public key information Breath, or include the query information for inquiring the database comprising public key information；If the number label in credible label Name is verified, then the entity identifier for including in attestation-signatures is legal, and the identity for also having turned out credible label owner is credible；

C. it if public-key cryptography is the common key not comprising identification information, and is not included in digital certificate, then it is described Public key information includes public-key cryptography, perhaps including storing the network address information of public key information or including being used for Inquiry comprising public key information database query information, when verify public-key cryptography legitimacy need inquire locally or Public-key cryptography library in cloud server,

If there are the digital signature authentications in the public key information and credible label to pass through in public-key cryptography library, Think that the identity of credible label owner is credible, it is otherwise insincere；

If the corresponding private cipher key of public-key cryptography has been leaked or failed, deleted in the public-key cryptography library in local or cloud Corresponding public key information；Signature or Encryption Algorithm may be embodied in public key information, also can store in local Or cloud；

D. if public-key cryptography is included in the digital certificate of oneself signature, the identity for authenticating credible label owner uses the C Method；If public-key cryptography is included in the digital certificate that authentication center CA is signed and issued, the public key information includes Digital certificate information, network address information perhaps including digital certificate information or including for inquiring comprising number The query information of the database of certificate information, if digital certificate authentication passes through, and the digital signature authentication in credible label Pass through, then the identity of credible label owner is credible, otherwise insincere.

6. generation and the verification method of the credible label according to claim 2 or 3 based on rivest, shamir, adelman, special Sign is: the trusted identity timestamp is by trusted identity time stamp server to the precise date from authoritative time source And the time, according to credible label raw information generate digital digest, the identity information of the credible label owner by audit, It is digitally signed and generates.

7. generation and the authentication of the credible label according to any one of claims 1-4 based on rivest, shamir, adelman Method, it is characterised in that:

If credible label is a kind of graphical label, by adjusting the resolution ratio and graphic printing ruler of credible label generated It is very little, make to republish the picture of credible label obtained after replicating or the digital information for being included it is different, thus by comparing institute The picture of the label of verifying or the digital information for being included whether with the picture of the credible label of the first printing saved or Digital information unanimously achievees the purpose that credible label anti-copying；

If there is credible label error correcting capability to make by adjusting the resolution ratio and graphic printing size of credible label graphic The first printing introduce mistake within the scope of the error correcting capability of credible label, and make by duplication the first printing can beacon The mistake for printing introducing again for signing figure is more than the error correcting capability of credible label, to realize the credible label of the first printing It can correctly be distinguished, and the credible label of copying and printing can not be distinguished correctly；

It in the label include the dimension information of label printed pattern if credible label is a kind of graphical label of anti-copying, When verifying credible label, figure mark is determined by size nominal in the full-size(d) and label of comparison current Graphics label Whether label are replicated.

8. the generation of any credible label based on rivest, shamir, adelman and authentication in -5 according to claim 1 Method, it is characterised in that:

Include credible tag identifier in the raw information of the credible label, is one for identifying the unique of a credible label Coding；

Include commodity sign in the raw information of the credible label, is one for identifying unique coding an of commodity；

If a credible label can be replicated, need to be tested for the first time in each credible label comprising credible tag identifier When card, the record verifying event information in authentication module or background server uses one or more tools on the part commodity There is the credible label of the Unique Product mark of the commodity, wherein the commodity sign of each credible label part commodity having the same With respective unique tag identifier, each credible label is secrecy before verifying for the first time；

If a credible label be it is irreproducible, for the first time verify before do not need to make at any secrecy the credible label Reason；

If the tag identifier of a credible label is that irreproducible and label other contents can be written, this Label can be recorded and be recycled in background program after commodity are used, and then re-write new commodity sign for another Part commodity it is anti-fake.

9. generation and the authentication of the credible label according to any one of claims 1-4 based on rivest, shamir, adelman Method, it is characterised in that:

Effective storage life in the raw information of the credible label comprising the label is tested simultaneously when verifying credible label Current time is demonstrate,proved whether in the effective storage life of the label, if current time is not in the effective storage life of the label Interior, then the credible label is insincere.

10. generation and the authentication of the credible label according to any one of claims 1-4 based on rivest, shamir, adelman Method, it is characterised in that:

If including digital certificate information in credible label, when being verified, show that digital certificate is believed in display module Breath, so that verifier be facilitated to understand the identity information of credible label owner and the issuer information of digital certificate；

If in credible label include timestamp information, when being verified in display module Presentation Time Stamp information, from And verifier is facilitated to understand generation time of credible label；

If including trusted identity timestamp in credible label, trusted identity timestamp information is shown when being verified, from And verifier is facilitated to understand the generation time of credible label and the identity information of credible label owner；

If successful acquisition is to the time t1 and position of this time t2 verified and location information P2 and last time good authentication Information P1 then calculates the displacement R=(P2-P1) and time difference T=(t2-t1) verified twice, and obtains speed V=R/T,

If the value of speed V is more than the early warning speed of setting, warning information is generated in display module.

11. generation and the authentication of the credible label according to any one of claims 1-4 based on rivest, shamir, adelman Method, it is characterised in that:

A. the credible label includes at least one of:

A. complete digital certificate content；

B. the partial content of digital certificate；

C. the network storage address of digital certificate；

D. digital certificate library information；

E. digital certificate LIST SERVER information；

F. complete digital certificate chain information；

G. the network storage address of digital certificate chains；

H. for inquiring the query information of the database comprising digital certificate or digital certificate chains；

I. complete digital signature；

J. the network storage address of digital signature；

K. for inquiring the query information of the database comprising digital signature；

L. complete public key information；

M. the network storage address of public key information；

N. for inquiring the query information of the database comprising public key information；

O. the tag identifier of credible label；

P. the commodity sign of credible label；

Q. the validity period of credible label；

R. complete credible label raw information；

S. the HASH value of credible label raw information；

T. the network storage address of credible label raw information；

U. for inquiring the query information of the database comprising raw information；

V. the identity information of credible label owner；

W. the network address of credible label Verification server；

B. it if the credible label includes the network storage address of digital certificate or digital certificate chains, verifies credible label and adds Pass through network downloading digital certificate when close protocol module；

C. if the credible label includes the information of digital certificate library or LIST SERVER, credible tag encryption is verified Pass through network downloading or enquiring digital certificate when protocol module；

D. if the credible label includes the network storage address of public key information, credible tag encryption agreement mould is verified Public key information is downloaded by network when block；

E. if the credible label includes the network storage address of digital signature, credible tag encryption protocol module is verified When digital signature downloaded by network；

F. if the credible label includes the network storage address of trusted timestamp or trusted identity timestamp, verifying can Trusted timestamp or trusted identity timestamp are downloaded by network when beacon label cryptographic protocol module；

G. if including the identity information of credible label owner in the credible label raw information, credible label is verified When can pass through identity information, the identity information in digital certificate, trusted identity time compared in credible label raw information Whether the identity information in stamp is credible come the identity for further verifying credible label owner；

H. the downloading and verifying of the credible label information may operate in the local of authentication module, also may operate in cloud End；

I. the raw information can be in plain text, can also be by encryption；

J. the raw information can be label original contents perhaps the HASH value of original contents or the net of original contents Network storage address, or the query information for inquiring the database comprising original contents；

It K., can be credible tag encryption agreement mould if there is the credible label full stop to indicate that raw information terminates Block is placed on behind the full stop；

L. the credible label is the form of printing or electronics；

M. the credible label is two dimensional code perhaps customized pattern perhaps RFID tag or NFC label, Huo Zhe electricity Subtab perhaps chip tag or sensor tag.

12. a kind of anti-counterfeiting system of credible label, including unsymmetrical key or digital certificate generate center, credible tag encryption association Discuss module storage server, credible label generates and verifying equipment and credible label Verification server, it is characterised in that:

Unsymmetrical key or digital certificate generate center, are used to generate digital certificate or asymmetric close to credible label owner Key；

Credible tag encryption protocol module storage server, for storing the credible tag encryption agreement mould of credible label owner Block message, including public key information or digital certificate information or digital signature information or trusted timestamp or trusted identity Timestamp information；

Credible label Verification server can also for recording the verifying event of credible label and the details of anti-counterfeit commodities With the authentication module for executing credible label, cloud verifying is realized；

The generation of credible label with verifying equipment include:

Trusted timestamp generation module generates digital digest according to credible label substance, and to the trusted timestamp server Apply for trusted timestamp, and the trusted timestamp is inputted into credible tag generation module；

Trusted identity timestamp generation module generates digital digest according to credible label raw information, and to the trusted identity Time stamp server application trusted identity timestamp, and the trusted identity timestamp is inputted into credible tag generation module；

The tag identifier generation module of credible label generates unique tag identifier for each label；

The commodity sign generation module of credible label is that every commodity generate unique commodity sign；

Unsymmetrical key generation module generates oneself private cipher key and public-key cryptography for label owner；

Credible tag generation module, according to credible label raw information or tag identifier or commodity sign or label Validity period or public key information or digital certificate information or digital signature information or trusted timestamp can Believe identity timestamp information, generates credible label；

Credible tag readable degree module extracts the digital certificate information being verified in credible label, and is output to digital certificate Authentication module；The digital signature being verified in credible label is extracted, and is output to digital signature authentication module；Extraction is tested The trusted timestamp in credible label is demonstrate,proved, and is output to trusted timestamp authentication module；Extraction is verified in credible label Trusted identity timestamp, and be output to trusted identity timestamp verification module；Extract the mark being verified in credible label Label mark, and it is output to tag identifier authentication module；The commodity sign being verified in credible label is extracted, and is output it To commodity sign authentication module；

Digital certificate authentication module, verifying digital certificate information confirm the authenticity of credible label owner identity；

Digital signature authentication module, verifying digital signature confirm the integrality of credible label substance；

Trusted timestamp authentication module, verifying trusted timestamp confirm the integrality of credible label substance and the life of credible label At the time；

Trusted identity timestamp verification module verifies the integrality that the trusted identity timestamp confirms credible label substance, The authenticity of the generation time of credible label and credible label owner identity；

Whether the tag identifier authentication module of credible label inquires in local or credible label Verification server the tag identifier There is verifying to record, if it is verifying for the first time, then records the information of this verifying event on local or authentication server, otherwise Return to already existing verifying event information；

The commodity sign authentication module of credible label records the sheet of the commodity sign on local or credible label Verification server Secondary verifying event information, and return to already existing verifying event information；

Credible label Verification result display module, when showing that the digital certificate information after being verified or credible label generate Between, or corresponding verifying event information and merchandise news.

13. a kind of anti-counterfeiting system of credible label described in claim 12, it is characterised in that:

Credible tag encryption protocol module storage server be X.500 LIST SERVER perhaps ldap directory server or Web server perhaps ftp server perhaps dns server or cloud storage service device；

Credible label Verification server is with recording credible label Verification event, commodity purchasing event, commodity details Data server；

Credible label Verification server can execute credible label Verification module to realize the cloud verifying of credible label.